@inproceedings{flowdroid,
  title={Flowdroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps},
  author={Arzt, Steven and Rasthofer, Siegfried and Bodden, E and Bartel, A and Klein, J and Le Traon, Y and Octeau, D and McDaniel, P},
  booktitle={Proceedings of the 35th annual ACM SIGPLAN conference on Programming Language Design and Implementation (PLDI 2014)},
  year={2014}
}
@inproceedings{iosmalware,
  title={Jekyll on iOS: when benign apps become evil},
  author={Wang, Tielei and Lu, Kangjie and Lu, Long and Chung, Simon and Lee, Wenke},
  booktitle={Presented as part of the 22nd USENIX Security Symposium}},
  pages={559--572},
  year={2013},
  organization={USENIX}}
}

@inproceedings{taintdroid,
 author = {Enck, William and Gilbert, Peter and Chun, Byung-Gon and Cox, Landon P. and Jung, Jaeyeon and McDaniel, Patrick and Sheth, Anmol N.},
 title = {{TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones}},
 booktitle = {Proceedings of the 9th USENIX conference on Operating systems design and implementation},
 series = {OSDI'10},
 year = {2010},
 location = {Vancouver, BC, Canada},
 pages = {1--6},
 numpages = {6},
 url = {http://dl.acm.org/citation.cfm?id=1924943.1924971},
 acmid = {1924971},
 publisher = {USENIX Association},
 address = {Berkeley, CA, USA},
} 
@inproceedings{androidgenome,
  title={Dissecting android malware: Characterization and evolution},
  author={Zhou, Yajin and Jiang, Xuxian},
  booktitle={Security and Privacy (SP), 2012 IEEE Symposium on},
  pages={95--109},
  year={2012},
  organization={IEEE}
}
@inproceedings{sehr2010adapting,
  title={Adapting Software Fault Isolation to Contemporary CPU Architectures.},
  author={Sehr, David and Muth, Robert and Biffle, Cliff and Khimenko, Victor and Pasko, Egor and Schimpf, Karl and Yee, Bennet and Chen, Brad},
  booktitle={USENIX Security Symposium},
  pages={1--12},
  year={2010}
}
@inproceedings{mccamant2006evaluating,
  title={Evaluating SFI for a CISC architecture},
  author={McCamant, Stephen and Morrisett, Greg},
  booktitle={15th USENIX Security Symposium},
  pages={209--224},
  year={2006}
}

@inproceedings{yee2009native,
  title={Native client: A sandbox for portable, untrusted x86 native code},
  author={Yee, Bennet and Sehr, David and Dardyk, Gregory and Chen, J Bradley and Muth, Robert and Ormandy, Tavis and Okasaka, Shiki and Narula, Neha and Fullagar, Nicholas},
  booktitle={Security and Privacy, 2009 30th IEEE Symposium on},
  pages={79--93},
  year={2009},
  organization={IEEE}
}
@inproceedings{slicing,
 author = {Weiser, Mark},
 title = {Program slicing},
 booktitle = {Proceedings of the 5th international conference on Software engineering},
 series = {ICSE '81},
 year = {1981},
 isbn = {0-89791-146-6},
 location = {San Diego, California, USA},
 pages = {439--449},
 numpages = {11},
 url = {http://dl.acm.org/citation.cfm?id=800078.802557},
 acmid = {802557},
 publisher = {IEEE Press},
 address = {Piscataway, NJ, USA},
 keywords = {Data flow analysis, Debugging, Human factors, Program maintenance, Program metrics, Software tools},
} 

@inproceedings{purandare2013optimizing,
  title={Optimizing monitoring of finite state properties through monitor compaction},
  author={Purandare, Rahul and Dwyer, Matthew B and Elbaum, Sebastian},
  booktitle={Proceedings of the 2013 International Symposium on Software Testing and Analysis},
  pages={280--290},
  year={2013},
  organization={ACM}
}

@inproceedings{constantpropagation,
  title={Interprocedural constant propagation},
  author={Callahan, David and Cooper, Keith D and Kennedy, Ken and Torczon, Linda},
  booktitle={ACM SIGPLAN Notices},
  volume={21},
  number={7},
  pages={152--161},
  year={1986},
  organization={ACM}
}

@book{copypropagation,
  title={Compilers: principles, techniques, \& tools},
  author={Aho, Alfred V and others},
  year={2007},
  publisher={Pearson Education India}
}

@article{pdg,
  title={The program dependence graph and its use in optimization},
  author={Ferrante, Jeanne and Ottenstein, Karl J and Warren, Joe D},
  journal={ACM Transactions on Programming Languages and Systems (TOPLAS)},
  volume={9},
  number={3},
  pages={319--349},
  year={1987},
  publisher={ACM}
}

@article{luo2013enforcemop,
  title={EnforceMOP: A Runtime Property Enforcement System for Multithreaded Programs},
  author={Luo, Qingzhou and Rosu, Grigore},
  year={2013}
}

@inproceedings{jin-meredith-lee-rosu-2012-tool-icse,
title={Java{MOP}: Efficient Parametric Runtime Monitoring Framework},
author={Dongyun Jin and Patrick O'Neil Meredith and Choonghwan Lee and Grigore Ro\c{s}u},
booktitle={Proceeding of the 34th International Conference on Software Engineering (ICSE'12)},
year={2012},
publisher={IEEE},
pages={1427--1430}
}
@inproceedings{KimKCS09,
  added-at = {2009-11-23T00:00:00.000+0100},
  author = {Kim, Hyung Chan and Keromytis, Angelos D. and Covington, Michael and Sahita, Ravi},
  biburl = {http://www.bibsonomy.org/bibtex/26308ecd10a45293deb9a08db86579fc6/dblp},
  booktitle = {ARES},
  date = {2009-11-23},
  description = {dblp},
  ee = {http://dx.doi.org/10.1109/ARES.2009.56},
  interhash = {506fe77dc4db83a876e4078504661eb3},
  intrahash = {6308ecd10a45293deb9a08db86579fc6},
  keywords = {dblp},
  pages = {355-362},
  publisher = {IEEE Computer Society},
  timestamp = {2009-11-23T00:00:00.000+0100},
  title = {Capturing Information Flow with Concatenated Dynamic Taint Analysis.},
  url = {http://dblp.uni-trier.de/db/conf/IEEEares/ares2009.html#KimKCS09},
  year = 2009
}


@inproceedings{Cousot,
 author = {Cousot, Patrick and Cousot, Radhia},
 title = {Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints},
 booktitle = {Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages},
 series = {POPL '77},
 year = {1977},
 location = {Los Angeles, California},
 pages = {238--252},
 numpages = {15},
 url = {http://doi.acm.org/10.1145/512950.512973},
 doi = {10.1145/512950.512973},
 acmid = {512973},
 publisher = {ACM},
 address = {New York, NY, USA},
} 

@inproceedings{juxtapp,
  title={{Juxtapp: A Scalable System for Detecting Code Reuse Among Android Applications}},
  author={Hanna, Steve and Huang, Ling and Wu, Edward and Li, Shaung and Chen, Charles and Song, Dawn},
  booktitle={Proceedings of the 9th Conference on Detection of Intrusions and Malware \& Vulnerability Assessment},
  year={2012}
}
@inproceedings{freemarket,
    author = {Reynaud, Daniel and Song, Dawn and Magrino, Tom and Edward Wu, Richard S.},
    booktitle = {Proceedings of the 19th Annual Network \& Distributed System Security Symposium},
    citeulike-article-id = {10331867},
    citeulike-linkout-0 = {http://droidblaze.cs.berkeley.edu/freemarket.pdf},
    keywords = {android, security, smartphones},
    location = {San Diego, CA, USA},
    month = feb,
    posted-at = {2012-02-10 10:05:48},
    priority = {2},
    title = {{FreeMarket}: Shopping for free in {Android} applications},
    url = {http://droidblaze.cs.berkeley.edu/freemarket.pdf},
    year = {2012}
}




@INPROCEEDINGS{Wolverine, 
author={Bhoraskar, R. and Vankadhara, N. and Raman, B. and Kulkarni, P.}, 
booktitle={Communication Systems and Networks (COMSNETS), 2012 Fourth International Conference on}, 
title={Wolverine: Traffic and road condition estimation using smartphone sensors}, 
year={2012}, 
month={jan.}, 
volume={}, 
number={}, 
pages={1 -6}, 
keywords={GPS devices;accelerometers;congested traffic conditions;magnetometer sensor;monetary cost;nonintrusive method;road condition estimation;smart phone sensors;traffic condition estimation;traffic signals;Global Positioning System;accelerometers;magnetometers;mobile radio;road traffic;}, 
doi={10.1109/COMSNETS.2012.6151382}, 
ISSN={},}


@inproceedings{Hussein:2012:SME:2336717.2336720,
 author = {Hussein, Soha and Meredith, Patrick and Ro\c{s}lu, Grigore},

 title = {{Security-policy monitoring and enforcement with JavaMOP}},

 booktitle = {Proceedings of the 7th Workshop on Programming Languages and Analysis for Security},
 series = {PLAS '12},
 year = {2012},
 isbn = {978-1-4503-1441-1},
 location = {Beijing, China},
 pages = {3:1--3:11},
 articleno = {3},
 numpages = {11},
 url = {http://doi.acm.org/10.1145/2336717.2336720},
 doi = {10.1145/2336717.2336720},
 acmid = {2336720},
 publisher = {ACM},
 address = {New York, NY, USA},
} 

@phdthesis{Erlingsson:2004:IRM:997617,
 author = {Erlingsson, \'{U}lfar},
 advisor = {Schneider, Fred B.},
 title = {{The inlined reference monitor approach to security policy enforcement}},
 year = {2004},
 note = {AAI3114521},
 publisher = {Cornell University},
 address = {Ithaca, NY, USA},
}



@misc{droidbench,
title = "DroidBench",
Howpublished = {\url{https://github.com/secure-software-engineering/DroidBench}},
year = "2014"
}

@misc{smali,
title = "Smali/Baksmali",
Howpublished = {\url{https://code.google.com/p/smali/}},
year = "2014"
}
@inproceedings{permissionmap,
  title={Pscout: analyzing the android permission specification},
  author={Au, Kathy Wain Yee and Zhou, Yi Fan and Huang, Zhen and Lie, David},
  booktitle={Proceedings of the 2012 ACM conference on Computer and communications security},
  pages={217--228},
  year={2012},
  organization={ACM}
}
@article{scandroid,
  title={SCanDroid: Automated security certification of Android applications},
  author={Fuchs, Adam P and Chaudhuri, Avik and Foster, Jeffrey S},
  journal={Manuscript, Univ. of Maryland, http://www. cs. umd. edu/\~{} avik/projects/scandroidascaa},
  year={2009},
  publisher={Citeseer}
}

@misc{EETimes,
title = "More than a third of {A}ndroid apps host malware",
author = "Rick Merrit",
Howpublished = {\url{http://www.eetimes.com/electronics-news/4391305/More-than-a-third-of-Android-apps-host-malware}},
year = "2012"
}

@misc{art,
title = "Introducing ART",
author = "Google",
Howpublished = {\url{http://source.android.com/devices/tech/dalvik/art.html}},
year = "2013"
}

@misc{cbs,
title = "Study: Number of smartphone users tops 1 billion",
author = "Sara Dover",
Howpublished = {\url{http://www.cbsnews.com/news/study-number-of-smartphone-users-tops-1-billion/}},
year = "2013"
}

@misc{forbes,
title = "Google Aims At Next Billion Smartphone Users With New Android, First On New Nexus 5 Phone",
author = "Robert Hof",
Howpublished = {\url{http://www.forbes.com/sites/roberthof/2013/10/31/google-aims-at-next-billion-smartphone-users-with-new-android-nexus5/}},
year = "2013"
}

@misc{rsa,
title = "IT Security Trends 2013: Mobile security concerns tops the list",
author = "Robert Richardson",
Howpublished = {\url{http://searchsecurity.techtarget.com/feature/IT-Security-Trends-2013-Mobile-security-concerns-tops-the-list}},
year = "2013"
}


@misc{jif,
title = "Jif: Java + information flow",
Howpublished = {\url{http://www.cs.cornell.edu/jif/}}
}

@ARTICLE{Zhu11tainteraser:protecting,
    author = {David (Yu) Zhu and Tadayoshi Kohno and Jaeyeon Jung and Dawn Song and David Wetherall},
    title = {TaintEraser: Protecting Sensitive Data Leaks Using Application-Level Taint Tracking},
    journal = {SIGOPS Operating Systems Review},
    year = {2011}
}

@INPROCEEDINGS{xiao12:privacy,
    author = {Xusheng Xiao and Nikolai Tillmann and Manuel Fahndric and Jonathan de Halleux and Michal Moskal},
    title = {User-Aware Privacy Control via Extended Static-Information-Flow Analysis},
    booktitle = {Proc. 27th IEEE/ACM International Conference on Automated Software Engineering (ASE 2012)},
    month = {Sep},
    year = {2012}, 
    location = {Essen, Germany},
    url = {https://sites.google.com/site/xushengxiaoshome/publications}, 
}


@misc{TrendMicro,
title  = "Trend Micro {Q3} security report",
Howpublished    = {\url{http://securityaffairs.co/wordpress/9672/cyber-crime/trend-micro-q3-security-report.html}},
year   = "2012"
}


@misc{Sparta,
title  = "SPARTA: mobile device security",
Howpublished    = {\url{http://www.cs.washington.edu/sparta}},
year   = "2012"
}

@inproceedings{thinslicing,
 author = {Sridharan, Manu and Fink, Stephen J. and Bodik, Rastislav},
 title = {Thin slicing},
 booktitle = {Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation},
 series = {PLDI '07},
 year = {2007},
 isbn = {978-1-59593-633-2},
 location = {San Diego, California, USA},
 pages = {112--122},
 numpages = {11},
 url = {http://doi.acm.org/10.1145/1250734.1250748},
 doi = {10.1145/1250734.1250748},
 acmid = {1250748},
 publisher = {ACM},
 address = {New York, NY, USA},
 keywords = {debugging, program understanding, slicing},
} 


@misc{CorporationsLove,

title  = "Corporations love i{OS} more than {B}lackBerry {OS}; {A}ndroid seen as a security risk",

Howpublished    = {\url{http://www.phonearena.com/news/Corporations-love-iOS-more-than-BlackBerry-OS-Android-seen-as-a-security-risk_id26042}},
year   = "2012"
}


@misc{AppReviewTime,
title  = "Average App Store Review Times",
Howpublished    = {\url{http://reviewtimes.shinydevelopment.com/}},
year   = "2012"
}

@misc{NumAppStoreApps,
title = "Number of available {A}ndroid applications",
Howpublished = {\url{http://www.appbrain.com/stats/number-of-android-apps}},
year = "2012"
}

@INPROCEEDINGS{malware1, 
author={Yajin Zhou and Xuxian Jiang}, 
booktitle={Security and Privacy (SP), 2012 IEEE Symposium on}, title={Dissecting {A}ndroid {M}alware: {C}haracterization and {E}volution}, 
year={2012}, 
month={may}, 
volume={}, 
number={}, 
pages={95 -- 109}, 
keywords={Android malware family;Android platform;activation mechanisms;carried malicious payloads;defense capability;evolution-based study;installation methods;mobile antivirus software;mobile malware;next-generation antimobile-malware solutions;representative family;representative mobile security software;smart phones;computer viruses;mobile computing;operating systems (computers);smart phones;}, 
doi={10.1109/SP.2012.16}, 
ISSN={1081-6011},}


@inproceedings{malware2,
 author = {Peng, Hao and Gates, Chris and Sarma, Bhaskar and Li, Ninghui and Qi, Yuan and Potharaju, Rahul and Nita-Rotaru, Cristina and Molloy, Ian},
 title = {{Using probabilistic generative models for ranking risks of Android apps}},
 booktitle = {Proceedings of the 2012 ACM conference on Computer and communications security},
 series = {CCS '12},
 year = {2012},
 isbn = {978-1-4503-1651-4},
 location = {Raleigh, North Carolina, USA},
 pages = {241--252},
 numpages = {12},
 url = {http://doi.acm.org/10.1145/2382196.2382224},
 doi = {10.1145/2382196.2382224},
 acmid = {2382224},
 publisher = {ACM},
 address = {New York, NY, USA},
 keywords = {data mining, malware, mobile, risk},
} 


@inproceedings{behavior1,
 author = {Yan, Lok Kwong and Yin, Heng},
 title = {DroidScope: seamlessly reconstructing the {OS} and {D}alvik semantic views for dynamic {A}ndroid malware analysis},
 booktitle = {Proceedings of the 21st USENIX conference on Security symposium},
 series = {Security'12},
 year = {2012},
 location = {Bellevue, WA},
 pages = {29--29},
 numpages = {1},
 url = {http://dl.acm.org/citation.cfm?id=2362793.2362822},
 acmid = {2362822},
 publisher = {USENIX Association},
 address = {Berkeley, CA, USA},
} 


@inproceedings{malware3,
  title={Hey, you, get off of my market: {D}etecting malicious apps in official and alternative {A}ndroid markets},
  author={Zhou, Y. and Wang, Z. and Zhou, W. and Jiang, X.},
  booktitle={Proc. of the 19th Annual Network and Distributed System Security Symposium (NDSS)},
  year={2012}
}


@inproceedings{pegasus,
  title={{Detecting Unauthorised Behavior in Android Applications with Permission Event Graph}},
  author={Chen, Keivn and D'Silva, Vijay and Johnson, Noah and MacNamara, Kile and Rinard, Martin and Song, Dawn and Wu, Edward},
  booktitle={Proc. of the 20th Annual Network and Distributed System Security Symposium (NDSS)},
  year={2013}
}

@inproceedings{malware4,
 author = {Grace, Michael and Zhou, Yajin and Zhang, Qiang and Zou, Shihong and Jiang, Xuxian},
 title = {{RiskRanker: scalable and accurate zero-day android malware detection}},
 booktitle = {Proceedings of the 10th international conference on Mobile systems, applications, and services},
 series = {MobiSys '12},
 year = {2012},
 isbn = {978-1-4503-1301-8},
 location = {Low Wood Bay, Lake District, UK},
 pages = {281--294},
 numpages = {14},
 url = {http://doi.acm.org/10.1145/2307636.2307663},
 doi = {10.1145/2307636.2307663},
 acmid = {2307663},
 publisher = {ACM},
 address = {New York, NY, USA},
 keywords = {android, malware, riskranker},
} 


@inproceedings{behavior2,
 author = {Hornyack, Peter and Han, Seungyeop and Jung, Jaeyeon and Schechter, Stuart and Wetherall, David},
 title = {{These aren't the droids you're looking for: Retrofitting android to protect data from imperious applications}},
 booktitle = {Proceedings of the 18th ACM conference on Computer and communications security},
 series = {CCS '11},
 year = {2011},
 isbn = {978-1-4503-0948-6},
 location = {Chicago, Illinois, USA},
 pages = {639--652},
 numpages = {14},
 url = {http://doi.acm.org/10.1145/2046707.2046780},
 doi = {10.1145/2046707.2046780},
 acmid = {2046780},
 publisher = {ACM},
 address = {New York, NY, USA},
 keywords = {android, privacy, smartphone},
} 

@inproceedings{behavior3,
 author = {Chin, Erika and Felt, Adrienne Porter and Greenwood, Kate and Wagner, David},
 title = {{Analyzing inter-application communication in Android}},
 booktitle = {Proceedings of the 9th international conference on Mobile systems, applications, and services},
 series = {MobiSys '11},
 year = {2011},
 isbn = {978-1-4503-0643-0},
 location = {Bethesda, Maryland, USA},
 pages = {239--252},
 numpages = {14},
 url = {http://doi.acm.org/10.1145/1999995.2000018},
 doi = {10.1145/1999995.2000018},
 acmid = {2000018},
 publisher = {ACM},
 address = {New York, NY, USA},
 keywords = {Android, intents, message passing, mobile phone security},
} 

@inproceedings{aurasium,
  title={{Aurasium: Practical Policy Enforcement for Android Applications}},
  author={Xu, R. and Sa{\i}di, H. and Anderson, R.},
  booktitle={Proceedings of the 21st USENIX conference on Security},
  year={2012}
}
